
CWE-1390 — Vulnerability Class 62

62 vulnerabilities classified as CWE-1390. AI Chinese analysis included.

CWE-1390 is a critical authentication weakness: the system fails to adequately verify a user's claimed identity, so insufficient proof of identity is enough to gain unauthorized access. Attackers typically exploit this weakness by bypassing the security controls with minimal effort, often leveraging weak passwords, missing multi-factor authentication, or flawed session management to gain illicit entry. The deficiency makes rapid credential-stuffing or brute-force attacks succeed where a robust system would resist them. To mitigate the risk, developers must implement strong, multi-layered authentication protocols, including complex password policies, multi-factor authentication, and adaptive risk-based analysis. By ensuring that identity verification is rigorous and resistant to common bypass techniques, organizations can significantly reduce the attack surface and protect sensitive resources from unauthorized exploitation.

MITRE CWE Description
The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. Attackers may be able to bypass weak authentication faster and/or with less effort than expected.
Common Consequences (1)
Scope: Integrity, Confidentiality, Availability, Access Control
Impact: Read Application Data, Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or even the ability to execute arbitrary code.
Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
CVE ID | Title | CVSS | Severity | Published
CVE-2023-24890 | Microsoft OneDrive for iOS Security Feature Bypass Vulnerability — OneDrive for iOS | 6.5 | Medium | 2023-03-14
CVE-2022-43400 | Siemens Siveillance Video Mobile Server Authorization Issue Vulnerability — Siveillance Video Mobile Server V2022 R2 | 9.8 | - | 2022-10-21

Vulnerabilities classified as CWE-1390 represent 62 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.